Diffstat (limited to 'actionview')
-rw-r--r--actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb4
-rw-r--r--actionview/test/template/sanitizers_test.rb11
2 files changed, 13 insertions, 2 deletions
diff --git a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
index c6bbf5e3f7..01ab9830f3 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
@@ -14,9 +14,9 @@ module ActionView
def remove_xpaths(html, xpaths)
if html.respond_to?(:xpath)
xpaths.each { |xpath| html.xpath(xpath).remove }
- html.to_s
+ html
else
- remove_xpaths(Loofah.fragment(html), xpaths)
+ remove_xpaths(Loofah.fragment(html), xpaths).to_s
end
end
end
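Review bot: `remove_xpaths` now returns a different type depending on its argument, and nothing at the definition says so. A String input yields a String, while anything responding to `xpath` comes back as the same node, modified in place by `html.xpath(xpath).remove`. Callers that used to get a serialized string from the node branch now receive a node and must call `to_s` themselves before the result reaches output; those callers are not visible in this hunk and are worth checking. I would add above the method: `# Removes nodes matching +xpaths+. Returns a String for String input; for a node, returns that node (mutated in place).`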
diff --git a/actionview/test/template/sanitizers_test.rb b/actionview/test/template/sanitizers_test.rb
index 825a3a1b75..8d2934caed 100644
--- a/actionview/test/template/sanitizers_test.rb
+++ b/actionview/test/template/sanitizers_test.rb
@@ -37,6 +37,17 @@ class SanitizersTest < ActionController::TestCase
end
end
+ def test_sanitizer_remove_xpaths_called_with_string_returns_string
+ sanitizer = ActionView::Sanitizer.new
+ assert '<a></a>', sanitizer.remove_xpaths('<a></a>', [])
+ end
+
+ def test_sanitizer_remove_xpaths_called_with_fragment_returns_fragment
+ sanitizer = ActionView::Sanitizer.new
+ fragment = sanitizer.remove_xpaths(Loofah.fragment('<a></a>'), [])
+ assert_kind_of Loofah::HTML::DocumentFragment, fragment
+ end
+
def test_strip_tags_with_quote
sanitizer = ActionView::FullSanitizer.new
string = '<" <img src="trollface.gif" onload="alert(1)"> hi'
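Review bot: The assertion in `test_sanitizer_remove_xpaths_called_with_string_returns_string` cannot fail. `assert '<a></a>', ...` treats the literal string as the value under test and the `remove_xpaths` result as the failure message, so it passes whatever is returned. Use `assert_equal '<a></a>', sanitizer.remove_xpaths('<a></a>', [])`, and add an `assert_kind_of String, ...` check if the return type is the point, as the test name says. Both new tests also pass an empty xpath list, so neither exercises actual removal; whether that is covered elsewhere in the file is not visible here.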